CVE-2021-0260Improper Authorization in Networks Junos OS

CWE-285Improper AuthorizationCWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-863Incorrect Authorization4 documents4 sources
Severity
7.3HIGHNVD
EPSS
0.7%
top 28.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 22
Latest updateMay 24

Description

An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthenticated attacker being able to perform SNMP read actions, an Exposure of System Data to an Unauthorized Control Sphere, or write actions to OIDs that support write operations, against the device without authentication. This issue affects: Juniper Networks Junos OS: 17.2 version 17.2R1 and later versions; 17.3 versions prior to 17.3R3-S9; 17.4 vers

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 3.9 | Impact: 3.4

Affected Packages2 packages

CVEListV5juniper_networks/junos_os17.2R117.2*+9
NVDjuniper/junos10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-pcw8-h376-q646: An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthe2022-05-24
CVEList
Junos OS: SNMP fails to properly perform authorization checks on incoming received SNMP requests.2021-04-22

📋Vendor Advisories

1
Juniper
CVE-2021-0260: An improper authorization vulnerability in the Simple Network Management Protocol daemon (snmpd) service of Juniper Networks Junos OS leads an unauthe2021-04-22
CVE-2021-0260 — Improper Authorization | cvebase